str_replace not working (?)


llDemonll

function fCleanString($UserInput){
    $UserInput = strip_tags($UserInput);
    $UserInput = str_replace("'", "''", $UserInput);
    return $UserInput;
}

 

That is a simple function I have set up to strip single apostrophes out of my database entries and replace them with two so it won't break the function. Ever since transferring it over to a new server (PHP 5, same as the old one) it hasn't been working and has been giving me an error (breaking code right where the apostrophe would be located). Help appreciated, thanks!


MySQL 4.1.22 is the server version; both were MySQL servers using phpMyAdmin.

 

And yeah, it takes the input from a textbox with $_GET, runs the function on it and assigns it to a new variable, and that variable is what gets put into the database.

 

$strName = fCleanString($_GET['strName']);

 

$strSQL = "UPDATE database SET name='$strName', address='$strAddress', address2='$strAddress2', ....more of these.... WHERE CompanyID='$updateID'";

 

mysql_query($strSQL) or die('Update Insert error: ' . mysql_error());

 

Gives the same error for the insert function.

 

The error it's throwing is:

Update Insert error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '8240 Resurrection Drive', address2='', city='Anchorage', state='AK', statefull='' at line 2

 

But it's not line 2, it's 2xx I think, because the update function isn't until a ways down on the page. As you can see, the part where it's breaking is right after the first address insert. This error was copied where $strName was input as Paw Prince', 8240 Resurrection Drive is what $strAddress is, and $strAddress2 is blank.

 

Tell me if you want a bigger code snippet to look at.

Missed that, thought it was a typo.

 

So figured out that function puts a \ in front of \r, \n, \x00, \x1a, ' and '', but now in the database it goes in as Paw Prince\'s. Should I just make a function to strip that slash after?

 

Seems like stripslashes should be outside the real_escape... but then it seems counter-productive.

You probably have magic_quotes enabled... you should disable them if you can. Read up on that here:

http://us.php.net/manual/en/security.magicquotes.disabling.php

 

You can see if they are enabled with:

<?php
  if(get_magic_quotes_gpc())
    print "Magic Quotes Enabled";
  else
    print "Magic Quotes Disabled";
?>
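
An added example, not code from any poster in this thread: the UPDATE from the question rewritten with PDO bound parameters, with the magic-quotes slashes removed once at input, so that Paw Prince's is stored without a stray backslash. The `companies` table, the `rawInput` and `updateCompany` helpers, the request values and the in-memory SQLite database standing in for MySQL are all assumptions made for the example.

```php
<?php
// Added example. Table name, columns and request values are constructed, and
// SQLite in memory stands in for the thread's MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE companies (
    CompanyID INTEGER PRIMARY KEY, name TEXT, address TEXT, address2 TEXT)');
$pdo->exec("INSERT INTO companies VALUES (1, 'old name', 'old address', '')");

// Undo magic_quotes_gpc exactly once, where the request is read, so the rest
// of the code only ever sees the text the user typed.
function rawInput(array $request, $key, $magicQuotesOn)
{
    $value = isset($request[$key]) ? (string) $request[$key] : '';
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Values travel as bound parameters and never become part of the SQL text.
function updateCompany(PDO $pdo, $id, $name, $address, $address2)
{
    $stmt = $pdo->prepare(
        'UPDATE companies SET name = :name, address = :address,
                address2 = :address2 WHERE CompanyID = :id'
    );
    $stmt->execute(array(
        ':name' => $name, ':address' => $address,
        ':address2' => $address2, ':id' => (int) $id,
    ));
    return $stmt->rowCount();
}

// Constructed request, shaped as magic_quotes_gpc would deliver "Paw Prince's".
$request = array(
    'strName'     => "Paw Prince\\'s",
    'strAddress'  => '8240 Resurrection Drive',
    'strAddress2' => '',
    'updateID'    => '1',
);
$magicQuotesOn = true; // demo assumption; on a PHP 5 server use get_magic_quotes_gpc()

$changed = updateCompany(
    $pdo, rawInput($request, 'updateID', $magicQuotesOn),
    rawInput($request, 'strName', $magicQuotesOn),
    rawInput($request, 'strAddress', $magicQuotesOn),
    rawInput($request, 'strAddress2', $magicQuotesOn)
);
$row = $pdo->query('SELECT name, address FROM companies WHERE CompanyID = 1')
           ->fetch(PDO::FETCH_ASSOC);
printf("%d row updated, name stored as: %s\n", $changed, $row['name']);
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the prepared statement and the bound values stay the same.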
